#Kubernetes/#K8S Q: I've been having an issue all this while I haven't quite been able to tackle. How do I properly mount a #Samba/#SMB/#CIFS share in a #Docker container on Kubernetes?
I definitely don't want a method that does any "pass through" outside of the container such as mounting said share on the Kubernetes node then passing it to the container, since that seems quite hacky and the deployment/pod could easily be reassigned to a different node.
Update: I've found #csi-driver-smb which seems to be perfect for my needs, and even a video of someone deploying it to their cluster for #Jellyfin.
I've deployed it successfully to my #Kubernetes cluster pretty easily, and am attempting to achieve the same thing but on #Plex rather than Jellyfin. Ran into another obstacle tho, while it seems that my #TrueNAS#SMB share is mounted to the container (shows up in df -h), my root user in the container could not ls the mount point (i.e. /mnt/smb), it'd just return the Permission denied error. Weird thing is the root user could cd into the mount point and its existing subdirectories, but not ls them or write any files to them. I could cat files inside it though, funnily enough.
the PV for said PVC has mounting options included in csi-driver-smb's example including dir_mode=0777, and file_mode=0777, with minor changes such as uid=1001 and gid=1001 I've updated them to 0, which is the uid and gid of the root user. I've even tried updating them to 1000 which is the id of the user plex, but still with the same results.
Anyone have any clue why I'm getting the permission denied error?
The #SMB share could be accessed (ls-ed) directly on the worker node:
sudo ls -alZ /var/lib/kubelet/plugins/kubernetes.io/csi/smb.csi.k8s.io/{volume}/globalmount
-but not on the container itself. The fix is, the worker nodes (with SELinux) needs the boolean, virt_use_samba to be enabled. On the worker node, check if it is indeed disabled:
@irfan Glad you worked it out! The high default level of security (and SELinux in particular) can add some irritating hindrances sometimes, but it’s worth it 🔒
Add comment